Revision 786c2117
Von aquamaniac vor mehr als 21 Jahren hinzugefügt
src/impl/ipc/ipcxmlsecctx.c | ||
---|---|---|
GWEN_CryptKey_free(d->sessionKey);
|
||
free(d->serviceCode);
|
||
free(d->securityId);
|
||
GWEN_KeyManager_free(d->keyManager);
|
||
GWEN_CryptKey_free(d->remoteSignKey);
|
||
GWEN_CryptKey_free(d->remoteCryptKey);
|
||
free(d);
|
||
}
|
||
}
|
||
... | ... | |
int crypt){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
GWEN_ERRORCODE err;
|
||
const GWEN_CRYPTKEY *key;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
key=GWEN_KeyManager_GetKey(scd->keyManager,
|
||
GWEN_HBCICryptoContext_GetKeySpec(ctx));
|
||
if (!key) {
|
||
DBG_ERROR(0, "Key not found");
|
||
return -1;
|
||
}
|
||
|
||
if (crypt) {
|
||
if (scd->remoteCryptKey==0) {
|
||
DBG_ERROR(0, "No remote crypt key");
|
||
return -1;
|
||
}
|
||
GWEN_HBCICryptoContext_SetKeySpec(ctx,
|
||
GWEN_CryptKey_GetKeySpec(scd->remoteCryptKey));
|
||
if (!(scd->sessionKey)) {
|
||
GWEN_BUFFER *kbuf;
|
||
GWEN_BUFFER *sbuf;
|
||
... | ... | |
}
|
||
|
||
GWEN_Buffer_Rewind(kbuf);
|
||
i=GWEN_CryptKey_GetChunkSize(key)-16;
|
||
i=GWEN_CryptKey_GetChunkSize(scd->remoteCryptKey)-16;
|
||
DBG_INFO(0, "Padding with %d bytes", i);
|
||
while(i-->0) {
|
||
if (GWEN_Buffer_InsertByte(kbuf, (char)0)) {
|
||
... | ... | |
|
||
sbuf=GWEN_Buffer_new(0, 256, 0, 1);
|
||
DBG_INFO(0, "Encrypting key");
|
||
err=GWEN_CryptKey_Encrypt(key,
|
||
err=GWEN_CryptKey_Encrypt(scd->remoteCryptKey,
|
||
kbuf,
|
||
sbuf);
|
||
if (!GWEN_Error_IsOk(err)) {
|
||
... | ... | |
} /* if no session key */
|
||
}
|
||
else {
|
||
if (scd->localSignKey==0) {
|
||
DBG_ERROR(0, "No local sign key");
|
||
return -1;
|
||
}
|
||
GWEN_HBCICryptoContext_SetKeySpec(ctx,
|
||
GWEN_CryptKey_GetKeySpec(scd->localSignKey));
|
||
/* sign */
|
||
GWEN_HBCICryptoContext_SetSequenceNum(ctx,
|
||
GWEN_SecContext_GetLocalSignSeq(sc));
|
||
GWEN_IPCXMLSecCtx_GetLocalSignSeq(sc));
|
||
}
|
||
|
||
GWEN_HBCICryptoContext_SetMode(ctx, "RDH");
|
||
... | ... | |
GWEN_MD *md;
|
||
GWEN_BUFFER *hashbuf;
|
||
GWEN_ERRORCODE err;
|
||
const GWEN_CRYPTKEY *signKey;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
if (scd->localSignKey==0) {
|
||
DBG_ERROR(0, "No local sign key");
|
||
return -1;
|
||
}
|
||
|
||
/* hash data */
|
||
DBG_INFO(0, "Hash data");
|
||
md=GWEN_MD_Factory("RMD160");
|
||
... | ... | |
|
||
/* sign hash */
|
||
GWEN_Buffer_Rewind(hashbuf);
|
||
signKey=GWEN_KeyManager_GetKey(scd->keyManager,
|
||
GWEN_HBCICryptoContext_GetKeySpec(ctx));
|
||
|
||
err=GWEN_CryptKey_Sign(signKey,
|
||
err=GWEN_CryptKey_Sign(scd->localSignKey,
|
||
hashbuf,
|
||
signbuf);
|
||
if (!GWEN_Error_IsOk(err)) {
|
||
... | ... | |
}
|
||
|
||
/* increment signature counter */
|
||
GWEN_SecContext_NextLocalSignSeq(sc);
|
||
scd->localSignSeq++;
|
||
|
||
GWEN_Buffer_free(hashbuf);
|
||
DBG_INFO(0, "Signing done");
|
||
... | ... | |
GWEN_BUFFER *hashbuf;
|
||
GWEN_ERRORCODE err;
|
||
unsigned int rseq;
|
||
const GWEN_CRYPTKEY *signKey;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
signKey=GWEN_KeyManager_GetKey(scd->keyManager,
|
||
GWEN_HBCICryptoContext_GetKeySpec(ctx));
|
||
if (!signKey) {
|
||
DBG_ERROR(0, "Key not found");
|
||
if (scd->remoteSignKey==0) {
|
||
DBG_ERROR(0, "No remote sign key");
|
||
return -1;
|
||
}
|
||
|
||
/* check signature sequence number */
|
||
rseq=GWEN_HBCICryptoContext_GetSequenceNum(ctx);
|
||
if (rseq<=GWEN_SecContext_GetRemoteSignSeq(sc)) {
|
||
if (rseq<=GWEN_IPCXMLSecCtx_GetRemoteSignSeq(sc)) {
|
||
DBG_ERROR(0, "bad signature sequence number (%d<%d)",
|
||
rseq, GWEN_SecContext_GetRemoteSignSeq(sc));
|
||
rseq, GWEN_IPCXMLSecCtx_GetRemoteSignSeq(sc));
|
||
//return -1; /* comment this out for debugging purposes */
|
||
}
|
||
GWEN_SecContext_SetRemoteSignSeq(sc, rseq);
|
||
GWEN_IPCXMLSecCtx_SetRemoteSignSeq(sc, rseq);
|
||
|
||
/* hash data */
|
||
md=GWEN_MD_Factory("RMD160");
|
||
... | ... | |
}
|
||
|
||
/* verify hash */
|
||
err=GWEN_CryptKey_Verify(signKey,
|
||
err=GWEN_CryptKey_Verify(scd->remoteSignKey,
|
||
hashbuf,
|
||
signbuf);
|
||
if (!GWEN_Error_IsOk(err)) {
|
||
... | ... | |
GWEN_BUFFER *kbuf;
|
||
GWEN_BUFFER *sbuf;
|
||
GWEN_CRYPTKEY *key;
|
||
const GWEN_CRYPTKEY *cryptKey;
|
||
char *km;
|
||
|
||
DBG_NOTICE(0, "Storing new session key");
|
||
... | ... | |
}
|
||
kbuf=GWEN_Buffer_new(0, 256, 0, 1);
|
||
GWEN_Buffer_Rewind(sbuf);
|
||
cryptKey=GWEN_KeyManager_GetKey(scd->keyManager,
|
||
GWEN_HBCICryptoContext_GetKeySpec(ctx));
|
||
if (!cryptKey) {
|
||
DBG_ERROR(0, "Key not found");
|
||
if (scd->localCryptKey==0) {
|
||
DBG_ERROR(0, "No local crypt key");
|
||
return -1;
|
||
}
|
||
|
||
err=GWEN_CryptKey_Decrypt(cryptKey,
|
||
err=GWEN_CryptKey_Decrypt(scd->localCryptKey,
|
||
sbuf,
|
||
kbuf);
|
||
if (!GWEN_Error_IsOk(err)) {
|
||
... | ... | |
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
DBG_ERROR(0, "Freeing SecCtx-Data");
|
||
GWEN_IPCXMLSecCtxData_free(scd);
|
||
}
|
||
|
||
... | ... | |
|
||
GWEN_CryptKey_free(scd->sessionKey);
|
||
scd->sessionKey=0;
|
||
free(scd->securityId);
|
||
scd->securityId=0;
|
||
}
|
||
|
||
|
||
... | ... | |
|
||
|
||
|
||
const char *GWEN_IPCXMLSecCtx_GetSecurityId(GWEN_SECCTX *sc){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
return scd->securityId;
|
||
}
|
||
|
||
|
||
|
||
void GWEN_IPCXMLSecCtx_SetSecurityId(GWEN_SECCTX *sc,
|
||
const char *s){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
assert(s);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
free(scd->securityId);
|
||
scd->securityId=strdup(s);
|
||
}
|
||
|
||
|
||
|
||
unsigned int GWEN_IPCXMLSecCtx_GetLocalSignSeq(GWEN_SECCTX *sc) {
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
return scd->localSignSeq;
|
||
}
|
||
|
||
|
||
|
||
void GWEN_IPCXMLSecCtx_SetLocalSignSeq(GWEN_SECCTX *sc,
|
||
unsigned int i) {
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
scd->localSignSeq=i;
|
||
}
|
||
|
||
|
||
|
||
unsigned int GWEN_IPCXMLSecCtx_GetRemoteSignSeq(GWEN_SECCTX *sc) {
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
return scd->remoteSignSeq;
|
||
}
|
||
|
||
|
||
|
||
void GWEN_IPCXMLSecCtx_SetRemoteSignSeq(GWEN_SECCTX *sc,
|
||
unsigned int i) {
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
scd->remoteSignSeq=i;
|
||
}
|
||
|
||
|
||
|
||
GWEN_SECCTX *GWEN_IPCXMLSecCtx_new(const char *localName,
|
||
const char *remoteName){
|
||
GWEN_SECCTX *sc;
|
||
... | ... | |
|
||
sc=GWEN_SecContext_new(localName, remoteName);
|
||
scd=GWEN_IPCXMLSecCtxData_new();
|
||
scd->keyManager=GWEN_IPCXMLKeyManager_new();
|
||
scd->localSignSeq=1;
|
||
scd->remoteSignSeq=0;
|
||
|
||
GWEN_SecContext_SetPrepareCtxFn(sc, GWEN_IPCXMLSecCtx_PrepareCTX);
|
||
GWEN_SecContext_SetSignFn(sc, GWEN_IPCXMLSecCtx_Sign);
|
||
GWEN_SecContext_SetVerifyFn(sc, GWEN_IPCXMLSecCtx_Verify);
|
||
GWEN_SecContext_SetEncryptFn(sc, GWEN_IPCXMLSecCtx_Encrypt);
|
||
GWEN_SecContext_SetDecrpytFn(sc, GWEN_IPCXMLSecCtx_Decrypt);
|
||
GWEN_SecContext_SetFreeDataFn(sc, GWEN_IPCXMLSecCtx_FreeData);
|
||
GWEN_SecContext_SetFromDbFn(sc, GWEN_IPCXMLSecCtx_FromDB);
|
||
GWEN_SecContext_SetToDbFn(sc, GWEN_IPCXMLSecCtx_ToDB);
|
||
|
||
GWEN_SecContext_SetData(sc, scd);
|
||
|
||
... | ... | |
}
|
||
|
||
|
||
int GWEN_IPCXMLSecCtx_AddKey(GWEN_SECCTX *sc,
|
||
const GWEN_CRYPTKEY *k){
|
||
int GWEN_IPCXMLSecCtx_FromDB(GWEN_SECCTX *sc,
|
||
GWEN_DB_NODE *db){
|
||
const char *p;
|
||
GWEN_DB_NODE *gr;
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
assert(k);
|
||
scd=GWEN_IPCXMLSecCtxData_new();
|
||
assert(scd);
|
||
scd->localSignSeq=GWEN_DB_GetIntValue(db, "localsignseq", 0, 0);
|
||
scd->remoteSignSeq=GWEN_DB_GetIntValue(db, "remotesignseq", 0, 0);
|
||
p=GWEN_DB_GetCharValue(db, "serviceCode", 0, 0);
|
||
if (p)
|
||
GWEN_IPCXMLSecCtx_SetServiceCode(sc, p);
|
||
p=GWEN_DB_GetCharValue(db, "securityId", 0, 0);
|
||
if (p)
|
||
GWEN_IPCXMLSecCtx_SetSecurityId(sc, p);
|
||
|
||
/* read the keys */
|
||
gr=GWEN_DB_GetGroup(db,
|
||
GWEN_DB_FLAGS_DEFAULT |
|
||
GWEN_PATH_FLAGS_NAMEMUSTEXIST,
|
||
"remotesignkey");
|
||
if (gr) {
|
||
GWEN_CryptKey_free(scd->remoteSignKey);
|
||
scd->remoteSignKey=GWEN_CryptKey_FromDb(gr);
|
||
if (scd->remoteSignKey==0) {
|
||
DBG_ERROR(0, "Could not read key");
|
||
return 0;
|
||
}
|
||
} /* if "remotesignkey" group */
|
||
|
||
gr=GWEN_DB_GetGroup(db,
|
||
GWEN_DB_FLAGS_DEFAULT |
|
||
GWEN_PATH_FLAGS_NAMEMUSTEXIST,
|
||
"remotecryptkey");
|
||
if (gr) {
|
||
GWEN_CryptKey_free(scd->remoteCryptKey);
|
||
scd->remoteCryptKey=GWEN_CryptKey_FromDb(gr);
|
||
if (scd->remoteCryptKey==0) {
|
||
DBG_ERROR(0, "Could not read key");
|
||
return 0;
|
||
}
|
||
} /* if "remotecryptkey" group */
|
||
|
||
GWEN_SecContext_SetData(sc, scd);
|
||
return 0;
|
||
}
|
||
|
||
|
||
|
||
int GWEN_IPCXMLSecCtx_ToDB(GWEN_SECCTX *sc,
|
||
GWEN_DB_NODE *db){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
GWEN_DB_NODE *gr;
|
||
GWEN_ERRORCODE err;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
assert(scd->keyManager);
|
||
|
||
if (GWEN_KeyManager_AddKey(scd->keyManager, k)) {
|
||
DBG_INFO(0, "here");
|
||
return -1;
|
||
GWEN_DB_SetIntValue(db,
|
||
GWEN_DB_FLAGS_DEFAULT |
|
||
GWEN_DB_FLAGS_OVERWRITE_VARS,
|
||
"localsignseq",
|
||
scd->localSignSeq);
|
||
GWEN_DB_SetIntValue(db,
|
||
GWEN_DB_FLAGS_DEFAULT |
|
||
GWEN_DB_FLAGS_OVERWRITE_VARS,
|
||
"remotesignseq",
|
||
scd->remoteSignSeq);
|
||
if (scd->remoteSignKey) {
|
||
gr=GWEN_DB_GetGroup(db,
|
||
GWEN_DB_FLAGS_DEFAULT |
|
||
GWEN_PATH_FLAGS_CREATE_GROUP,
|
||
"remotesignkey");
|
||
assert(gr);
|
||
err=GWEN_CryptKey_ToDb(scd->remoteSignKey, gr, 1);
|
||
if (!GWEN_Error_IsOk(err)) {
|
||
DBG_INFO_ERR(0, err);
|
||
return -1;
|
||
}
|
||
}
|
||
|
||
if (scd->remoteCryptKey) {
|
||
gr=GWEN_DB_GetGroup(db,
|
||
GWEN_DB_FLAGS_DEFAULT |
|
||
GWEN_PATH_FLAGS_CREATE_GROUP,
|
||
"remotecryptkey");
|
||
assert(gr);
|
||
err=GWEN_CryptKey_ToDb(scd->remoteCryptKey, gr, 1);
|
||
if (!GWEN_Error_IsOk(err)) {
|
||
DBG_INFO_ERR(0, err);
|
||
return -1;
|
||
}
|
||
}
|
||
|
||
return 0;
|
||
}
|
||
|
||
|
||
|
||
void GWEN_IPCXMLSecCtx_SetLocalSignKey(GWEN_SECCTX *sc,
|
||
const GWEN_CRYPTKEY *key){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
scd->localSignKey=key;
|
||
}
|
||
|
||
|
||
|
||
void GWEN_IPCXMLSecCtx_SetLocalCryptKey(GWEN_SECCTX *sc,
|
||
const GWEN_CRYPTKEY *key){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
scd->localCryptKey=key;
|
||
}
|
||
|
||
|
||
|
||
void GWEN_IPCXMLSecCtx_SetRemoteSignKey(GWEN_SECCTX *sc,
|
||
GWEN_CRYPTKEY *key){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
GWEN_CryptKey_free(scd->remoteSignKey);
|
||
scd->remoteSignKey=key;
|
||
}
|
||
|
||
|
||
|
||
void GWEN_IPCXMLSecCtx_SetRemoteCryptKey(GWEN_SECCTX *sc,
|
||
GWEN_CRYPTKEY *key){
|
||
GWEN_IPCXMLSECCTXDATA *scd;
|
||
|
||
assert(sc);
|
||
scd=(GWEN_IPCXMLSECCTXDATA*)GWEN_SecContext_GetData(sc);
|
||
assert(scd);
|
||
|
||
GWEN_CryptKey_free(scd->remoteCryptKey);
|
||
scd->remoteCryptKey=key;
|
||
}
|
||
|
||
|
||
|
||
|
||
|
Auch abrufbar als: Unified diff
- more work on IPC. I think I now have found the best method ;-)
git-svn-id: https://devel.aqbanking.de/svn/gwenhywfar/trunk@96 70169cfe-8b10-0410-8925-dcb4b91034d8